<?php
session_start();
//If your session isn't valid, it returns you to the login screen for protection
if(empty($_SESSION['myusername'])){
 header("location:main_login.php");
}
//echo $_SESSION['myusername'];
?>
<?php
/* 
 EDIT.PHP
 Allows user to edit specific entry in database
*/

 // creates the edit record form
 // since this form is used multiple times in this file, I have made it a function that is easily reusable
 function renderForm($id, $mediator, $error)
 {
 ?>
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
 <html>
 <head>
  <link href="default.css" rel="stylesheet" type="text/css" />
 <title>Edit Mediator Record</title>
 </head>
 <body>
 <div id="fulladmin">
 <div id='adminleft'>
 <p><center><b>Edit Mediator</b></center></p>
 </div>
 <div id='adminright'>
 <center><h1>Mediators</h1><br>
 <table border='0' cellpadding='10'>
   <tr><th>
 <?php 
 // if there are any errors, display them
 if ($error != '')
 {
 echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
 }
 ?> 
 
 <form action="" method="post">
 <input type="hidden" name="id" value="<?php echo $id; ?>"/>
 <div>
 <p><strong>Id:#</strong> <?php echo $id; ?></p>
 <strong>Mediator Name:</strong> <input type='text' name='mediator' value="<?php echo $mediator; ?>"/><br/>
  <br>
 <input type="submit" name="submit" value="Submit">
 <input type="submit" name="back" value="Back">
 </div>
 </form> 
 </th></tr></table>
 </div>
 <div id="adminright"><center><br><br><br><br>Return to main <a href="dashboard.php"><font color="red">Dashboard</font></a>, or you can <a href="log_out.php?id=<?php echo $_SESSION['userid']; ?>"><font color="red">Log Out</font></a></center></div>

 </body>
 </html> 
 <?php
 }



 // connect to the database
 include('connect-db.php');
 
 // check if the form has been submitted. If it has, process the form and save it to the database
 if (isset($_POST['back']))
	header("Location: mediator.php");
	
 if (isset($_POST['submit']))
	{ 
 // confirm that the 'id' value is a valid integer before getting the form data
		if (is_numeric($_POST['id']))
		{
 // get form data, making sure it is valid
			$id = $_POST['id'];
			$mediator = mysql_real_escape_string(htmlspecialchars($_POST['mediator']));
			
	 
 // check that firstname/lastname fields are both filled in
			if (($mediator == ''))
			{
 // generate error message
				$error = 'ERROR: Please fill in all required fields!';
 
 //error, display form
				renderForm($id, $mediator, $error);
			}
			else
			{
 // save the data to the database
				mysql_query("UPDATE mediator SET mediatorName='$mediator'  WHERE mediatorId='$id'")
				or die(mysql_error()); 
 
 // once saved, redirect back to the view page
				header("Location: mediator.php"); 
			}
		}
		else
		{
 // if the 'id' isn't valid, display an error
			echo 'Error!';
		}
	}
	else
 // if the form hasn't been submitted, get the data from the db and display the form
	{
 
 // get the 'id' value from the URL (if it exists), making sure that it is valid (checing that it is numeric/larger than 0)
		if (isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id'] > 0)
		{
 // query db
			$id = $_GET['id'];
			$result = mysql_query("SELECT * FROM mediator WHERE mediatorId=$id")
				or die(mysql_error()); 
			$row = mysql_fetch_array($result);
 
 // check that the 'id' matches up with a row in the databse
			if($row)
			{
 
 // get data from db
			$mediator = $row['mediatorName'];
 
 // show form
			renderForm($id, $mediator, '');
		}
	else
 // if no match, display result
	{
		echo "No results!";
	}
 }
 else
 // if the 'id' in the URL isn't valid, or if there is no 'id' value, display an error
 {
 echo 'Error!';
 }
 }
?>